Trump Administration Criticized at Hearing for Abolishing Cyber Posts

The Trump administration was criticized at a Senate hearing today for abolishing key cyber posts in the White House and the State Department. Also under fire at the hearing were the European Union’s General Data Protection Regulation (GDPR) and other localized data frameworks.

Under former Secretary of State Rex Tillerson, the State Department moved offices dedicated to addressing international cybersecurity, telecommunications, and technology issues into the Bureau of Economic and Business Affairs. More recently, National Security Adviser John Bolton eliminated the position of cybersecurity coordinator on the National Security Council.

The Senate Foreign Relations Committee recently approved a bill that would require the State Department to establish an Office of Cyberspace and the Digital Economy headed by a Senate-confirmed ambassador (TR Daily, June 26). The Cyber Diplomacy Act (HR 3776) would restore and elevate the role of the State Department cyber coordinator – a position that was established under the Obama administration to promote an open Internet worldwide and work with other governments on cyberspace issues.

The legislation drew praise at a hearing today held by the Senate communications, technology, innovation, and the Internet subcommittee on the impact of global Internet governance on U.S. businesses.

Sen. Brian Schatz (D., Hawaii), the subcommittee’s ranking member, said he wants the administration to reestablish the cybersecurity coordinator role at the NSC and said that Congress is trying to reestablish the cyber office at State.

The senator said the U.S. must play a key role in Internet governance, including protecting the multistakeholder process, adding, “Our standing down will create a vacuum for authoritarian regimes.”

Christopher Painter, the first cybersecurity coordinator at the State Department who is a member of the Global Commission on the Stability of Cyberspace, said the State Department cyber office was the first such one established by a foreign ministry and that more than 25 now exist across the world.

“I applaud the continued efforts of my former colleagues at State, Commerce and other agencies, but I believe those efforts have been hampered by the lack of a sufficiently high-level office at the State Department and the recent abolition of the Cyber Coordinator position at the White House,” he said. “On the first, as I noted above, my former office, among many other things, facilitated coordination across the government and helped provide high level representation with other governments to advance U.S. policies on a range of issues. I commend the House and Senate efforts to restore, strengthen and institutionalize my former office. The House passed the Cyber Diplomacy Act several months ago and the Senate Foreign Relations Committee recently voted a companion bill out of committee. I am particularly pleased that these were bi-partisan efforts reflecting the bi-partisan nature of most of these issues. Hopefully, the Department of State will take action on this matter soon.”

Today’s hearing explored a wide variety of issues, including cybersecurity, localized data frameworks, and Russian hacking of U.S. election systems.

“Policies targeting data and networks often stem from a country’s interest in fostering its own innovation or protecting its people from possible data misuse. But here’s a new problem, the global nature of the internet means that the impact and power of these laws goes beyond a jurisdiction’s borders,” Sen. Roger Wicker (R., Miss.), the subcommittee’s chairman, said in his opening statement at the hearing. “U.S. companies compelled [are] to change business models or alter operations to achieve compliance in foreign markets, and they are experiencing disruptions in their own domestic operations as well. The result is less job creation, less investment, and less innovation in the United States. Consumers are feeling the effects of international internet policies, also. Overly restrictive limitations on data movement or inconsistencies across jurisdictions ultimately deliver an internet experience to consumers that is less personalized and more expensive to access.”

During today’s hearing, the GDPR, which recently took effect, also drew criticism.

“A popular misconception about the GDPR is that it protects privacy; it does not. The GDPR is about data protection or more correctly, data governance,” said Roslyn Layton, a visiting scholar at the American Enterprise Institute.

“U.S. companies are now suffering because of its cost and complexity,” Ms. Layton said of the GDPR. She said that as a result of the framework, residents of the EU can’t access many websites, including those of retailers and newspapers.

She said that “Americans can develop a better regime through science, technology, and innovation. Policymakers can incentivize this with partnerships for grants, prizes, award, competitions, and safe harbors for innovation to ensure that innovators can innovate without punishment.”

“GDPR has touched every aspect of our industry, but notably it has significantly disrupted the WHOIS service, which is an online directory of contact information for domain name registrants,” said James Bladel, vice president-policy for GoDaddy, Inc. “WHOIS is a two-edged sword, serving as an important tool for law enforcement agencies and other stakeholders, while also being a gold mine of personal data for spammers. Currently, we are engaged with representatives of law enforcement agencies and our colleagues at the Internet Corporation for Assigned Names and Numbers (ICANN) to strike the right balance between providing access to WHOIS data for legitimate needs, while still protecting the private information of our customers.”

Denise Zheng, VP-policy for the Business Roundtable, complained that “there has been a rapid increase in the number of complex, conflicting, and uncoordinated ICT [information and communications technology] public policies from governments around the world. This trend undermines global digital innovation and trade by creating policy and regulatory fragmentation, business uncertainty, overwhelming compliance costs, and other unintended consequences. The European Union (EU) and China are currently the most active players in developing and implementing ICT policies. But India, Russia, South Korea, and other … countries are ramping up efforts to develop and enforce a wide range of cybersecurity, privacy, and data localization policies. Already at least 34 different countries have data localization requirements, while approximately 120 countries have data privacy laws and many more countries are considering legislation in this area.”

“The U.S. government and U.S. companies should lead in developing norms, best practices, and standards for the internet and digital platforms,” Ms. Zheng added. “Areas of focus include cybersecurity, privacy, and cross?border data flows. At the same time, emerging technologies such as artificial intelligence, autonomous vehicles, blockchain, internet of things, and robotics require serious attention, because rules do not yet exist.”

“In the face of an already fragmented environment, the U.S. government should play a leadership role to align or harmonize where possible existing ICT policies, regulations, and standards globally, and maintain that same approach for emerging technologies to avoid costly fragmentation,” Ms. Zheng added.

Mr. Painter said that the U.S. should have a “high-level cross-cutting, integrated strategy that leverages all relevant government agencies, outside stakeholders and like-minded countries to deal with the many challenges we face internationally and helps direct and prioritize our engagements.”

He said such coalition-building is necessary in response to the GDPR and other localization policies, where he said the U.S. and its allies should provide “concrete alternatives” to those frameworks.

Michael Chertoff, cofounder and executive chairman of The Chertoff Group and former secretary of the Department of Homeland Security, also stressed the need for consensus-building “with like-minded countries, other democracies and Western countries who agree on the broader principles of the internet but may disagree about how to regulate, shape, and manage it. We must recognize that we may, at times, disagree with even our closest allies on policy particulars, but in the end, it is better to reach an imperfect compromise with them than allow for the disintegration of the internet as we know. So much of the internet’s value is in its global nature, and we must work across international borders if we hope to preserve it as a common good.”

Mr. Chertoff, who is also a member of the Global Commission on the Stability of Cyberspace, added, “Without that cooperation we are likely to see new barriers, intended or not, appear and impede the development and growth of the internet. Data localization requirements, for example, may be enacted to protect a country’s citizens’ data, but have the more practical effect of significantly raising costs, diminishing competition, frustrating international commerce, and preventing citizens from accessing the services of providers based outside their own country. New regulations may be enacted to protect users’ privacy but result in unexpected delays in cross-border law enforcement cooperation. The best way to avoid such barriers is to work with other countries to address these issues, as many countries share the same concerns and would all benefit from coordinated action.”

At today’s hearing, Democratic senators and witnesses also stressed the importance of combatting Russian interference in U.S. elections.

Mr. Painter said that “a declaratory policy” would be helpful, adding that “high-level” and inconsistent messaging from the Trump administration “undercuts” U.S. actions against Russia.

Sen. Amy Klobuchar (D., Minn.) asked whether states are adequately prepared for any attempts to hack their elections equipment.

States now realize they must be vigilant against such attacks, Mr. Chertoff said.

“But to be honest, this ship is going to take a while to turn around,” he added, citing states’ “aging infrastructure” and the fact that some don’t realize how much systems are connected to the Internet.

“I don’t know that we’re going to have this problem fixed by 2018. I would be very doubtful,” Mr. Chertoff added. But he said he hope states will be ready by 2020.

But Ms. Layton said that other countries have wanted to influence U.S. elections for decades. “This isn’t the first time this has happened,” she added.

Sen. Ed Markey (D., Mass.) asked witnesses what they thought of his Cyber Shield Act, which would implement a voluntary cybersecurity certification program for Internet of things devices (TR Daily, Oct. 27, 2017).

Mr. Painter said the idea “has a lot of merit” as long as it doesn’t “create a conflicting regime” with the EU. Ms. Zheng expressed concern that Mr. Markey’s bill would result in countries each developing their own approach, which could hurt interoperability.

Sen. Markey said that “the Trump administration made a big mistake” in downgrading the cyber coordinator post at the State Department.

Sen. Ted Cruz (R., Texas) asked the witnesses to weigh in on legislation he introduced recently with Sen. Catherine Cortez Masto (D., Nev.). The Eliminate From Regulators Opportunities to Nationalize The Internet in Every Respect Act (E-FRONTIER Act) would ban the administration from nationalizing 5G networks without congressional authorization.

Sen. Cruz cited a memo leaked earlier this year that suggested such a nationalization proposal was being considered by the administration (TR Daily, Jan. 29), and he said that officials have “been less than clear in rejecting that idea.”

“It would be a disaster” if 5G networks were nationalized, said Ms. Layton. “It’s not where we should put our money.”

“In general, I think nationalization of a function like that stifles innovation and puts the government in a position which overreaches … what its proper role is,” said Mr. Chertoff.- Paul Kirby, [email protected]

Create a PasswordPlease enter a PasswordYour password must be at least 6 characters longNo validation was done for leading or trailing spaces in password.

Yes, I would like to create an account.

I consent to the collection of my personal information by Wolters Kluwer Legal & Regulatory U.S., operated through CCH Incorporated and its affiliate Kluwer Law International, so that I can create an account to store my contact information and order history to facilitate ecommerce transactions. I understand that my personal information will be processed for this purpose in the United States where CCH Incorporated operates.

You may change or withdraw your consent at any time by contacting our Customer Service team at +1-301-698-7100 or [email protected]. For more information about our privacy practices, please refer to our privacy statement: www.WoltersKluwerLR.com/privacy.

Online subscription product purchases require that you create an account.

Email Address
This field is required
Please Type Valid Email Address
Email Address has a minimum length of 0.
Company
This field is required
Country
This field is required

Yes, send me information on similar products and content from Wolters Kluwer.

I consent to the collection of my personal information by Wolters Kluwer Legal & Regulatory U.S., operated through CCH Incorporated and its affiliate Kluwer Law International, so that I can be contacted about similar product(s) and content. I understand that my personal information will be processed for this purpose in the United States where CCH Incorporated operates. Additionally, if the products being inquired about are fulfilled by Kluwer Law International, my personal information will be shared with Kluwer Law International and processed in the Netherlands or the United Kingdom where it operates.

You may change or withdraw your consent at any time by contacting our Customer Service team at +1-301-698-7100 or [email protected]. For more information about our privacy practices, please refer to our privacy statement: www.WoltersKluwerLR.com/privacy.

Thank you!

We apologize!

Interested in submitting an article?

First Name
This field is required

Last Name
This field is required

Email Address
This field is required
Please Type Valid Email Address
Area of Expertise
This field is required
Article Idea for Consideration
This field is required

Yes, send me information on similar products and content from Wolters Kluwer.

I consent to the collection of my personal information by Wolters Kluwer Legal & Regulatory U.S., operated through CCH Incorporated and its affiliate Kluwer Law International, so that I can be contacted about similar product(s) and content. I understand that my personal information will be processed for this purpose in the United States where CCH Incorporated operates. Additionally, if the products being inquired about are fulfilled by Kluwer Law International, my personal information will be shared with Kluwer Law International and processed in the Netherlands or the United Kingdom where it operates.

You may change or withdraw your consent at any time by contacting our Customer Service team at +1-301-698-7100 or [email protected]. For more information about our privacy practices, please refer to our privacy statement: www.WoltersKluwerLR.com/privacy.

Success

We appologize

Message Us

Thank you for your inquiry! We look forward to connecting with you.

First Name
This field is required

Last Name
This field is required

Email Address
This field is required
Please Type Valid Email Address
Phone Number
This field is required
Company Name
This field is required
Country
This field is required
Topic (Optional)Account or Invoice Number (Optional)Comments (Optional)

Thank you. We will contact you soon!

We apologize, but we failed to receive this message.

Thank You!

Thank You.

Your request has been forwarded to a Wolters Kluwer representative who will contact you shortly!